Video Marketing Software Animker Leaking Trove of User Data (UPDATED)

At the time of publishing this article, the database has continued to grow with new data.
Video Marketing Software Animker Leaking Trove of User Data

A misconfiguration of a database has caused a San Francisco, California, United States-based video marketing software provider to leak the personal details of its users on Shodan.

A misconfigured database has exposed test and personal data belonging to over 700,000 users of the websites getshow.io (an all-in-one video marketing platform) and animaker.com (a DIY video animation software).

It is worth noting that Getshow.io is owned by Animker.com. The server in question is registered under the domain name getshow.io, which animaker.com manages.

The database, which currently contains 5.3 GB of data, continues to grow with new data being added each day. The data exposed by the misconfiguration includes the personal data of unsuspected customers. This consists of the following information:

  1. Full names
  2. Device Type
  3. Postal Codes
  4. IP Addresses
  5. Mobile Numbers
  6. Email Addresses
  7. Animaker profile details
  8. Country/City/State/Location

However, no passwords were found in the data leak, as exclusively revealed to Hackread.com by cybersecurity researcher Anurag Sen from Clouddefense.ai. Sen said that he identified the server on Shodan while searching for misconfigured cloud databases.

The screenshot from the misconfigured server shows the type of information that is being exposed to the public without a password. This means anyone can access the server and would not need to bypass security authentication to access and download the data.

For your information, Shodan is an OSINT tool and a specialized search engine used by cybersecurity researchers to locate vulnerable Internet of Things (IoT) devices, including servers and misconfigured databases on the internet.

Moreover, a misconfigured database occurs when access controls and security settings are improperly configured or left at default settings. Nevertheless, Animker has been informed about the incident, but there has been no response so far. The company’s CEO, RS Raghavan, has been informed on Twitter.

Video Marketing Software Animker Leaking Trove of User Data
Image provided to Hackread.com by Anurag Sen

Potential Dangers

As misconfigured database exposes sensitive data, this can result in significant financial losses, legal liabilities, and reputational damage for affected individuals and organizations.

When a misconfigured database is exposed to the public, it can be discovered and exploited by cybercriminals who use automated tools to scan the internet for open databases. Once they find a vulnerable database, they can use it to steal data, install malware, hijack it for ransom, or launch other types of cyber attacks.

The consequences of a misconfigured database can be severe, as evidenced by recent data breaches at RailYatri and U.S. No Fly List. In these cases, millions of users had their personal information stolen, resulting in significant financial and reputational damage to the companies and authorities involved.

To prevent a misconfigured database from being exposed to the public, experts recommend implementing proper access controls and security settings, including strong passwords, encryption, and regular vulnerability assessments.

Organizations should also limit the amount of sensitive data stored in their databases and ensure that it is only accessible to authorized users.

UPDATE (January 2024)

Animaker contacted Hackread.com in January 2024, rejecting Sen’s findings and denying that the leaked data belonged to the company or its customers.

This is not our actual data and does not belong to our product URL. And the data that you are posting is not our customers’ data, the company told Hackread.com. However, Anurag Sen continues to stand by his findings and claims that the data belongs to Animaker.

  1. American online Ed site leaks 22TB of data
  2. Uganda Security Exchange leaks 32GB of data
  3. QR code generator My QR Code leaks user data
  4. India’s truck brokerage firm leaks 140GB of data
  5. Chinese Adult Site Leaking 14 Million User Details
Total
0
Shares
Related Posts